Then create the .httpauth password file, this file contains all
authentication information. The .httpauth file can be placed in the root of
the current buildout or in the ~/.buildout directory. Each row consists of
realm, uri, username, password.

Here is an example of the .httpauth file:

Example com realm, http://www.example.com, username, secret

Note that basic auth also works with any recipe using
zc.buildout.download (e.g. hexagonit.recipe.download) because this
extension also overwrites the url opener of zc.buildout.

As some eggs on PyPi also use public Github download URLs you may want to
whitelist the repos that authentication is required for as Github will
return a 401 error code even for public repositories if the wrong auth
details are provided.
To do this just list each repo in the format <gituser>/<repos> one per
line in the buildout config github-repos:

2010/09/28 0.3.4:

fixed behavour with python 2.6+. python 2.6 suddenly counts failed requests
but each request without auth counts as one, that makes buildout fail on
every 5th download in a single run.
I found this on windows, but should fail on linux too.

2010/08/28 0.3.3:

fixed typo on git command, introduced in 0.3.2

2010/08/28 0.3.2:

silently ignore failing git credential lookups

2010/05/28 0.3.1:

python2.4 comptibility fix (thanks to Godefroid Chapelle)

2010/05/27 0.3.0:

added support for zc.buildout.download, this allows various download
recipes to work with this credential extension. Requires at least
zc.buildout version 1.5.0b2

2010/03/24 0.3.0a1:

added github authentication, which now allows to download from
private github repositories